Microsoft Windows MHT File Mark-Of-The-Web Bypass Remote Code Execution Vulnerability

This vulnerability allows remote attackers to bypass the Mark-Of-The-Web security feature to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...

Beware of MalDoc in PDF: A New Polyglot Attack Allowing Attackers to Evade Antivirus

Cybersecurity researchers have called attention to a new antivirus evasion technique that involves embedding a malicious Microsoft Word file into a PDF file. The sneaky method, dubbed MalDoc in PDF by JPCERT/CC, is said to have been employed in an in-the-wild attack in July 2023. "A file created...

Microsoft Internet Explorer / ActiveX Control - Security Bypass Vulnerability

Exploit Title: Microsoft Internet Explorer / ActiveX Control - Security Bypass Exploit Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-INTERNET-EXPLORER-ACTIVEX-CONTROL-SECURITY-BYPASS.txt twitter.com/hyp3rlinx ISR:...

Microsoft Internet Explorer / ActiveX Control - Security Bypass

Exploit Title: Microsoft Internet Explorer / ActiveX Control - Security Bypass Exploit Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-INTERNET-EXPLORER-ACTIVEX-CONTROL-SECURITY-BYPASS.txt twitter.com/hyp3rlinx ISR:...

Microsoft Internet Explorer Active-X Control Security Bypass

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-INTERNET-EXPLORER-ACTIVEX-CONTROL-SECURITY-BYPASS.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com Product Microsoft Internet Explorer MSIE...

Microsoft Internet Explorer Active-X Control Security Bypass Vulnerability

Microsoft Internet Explorer suffers from an active-x related bypass vulnerability. Microsoft will not address the issue as it is end of life. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...

CVE-2021-3159

A stored cross site scripting XSS vulnerability in the /sys/attachment/uploaderServlet component of Landray EKP V12.0.9.R.20160325 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG, SHTML, or MHT file...

CVE-2021-3159

A stored cross site scripting XSS vulnerability in the /sys/attachment/uploaderServlet component of Landray EKP V12.0.9.R.20160325 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG, SHTML, or MHT file...

Internet Explorer .mht XML External Entity Vulnerability

The Internet Explorer installation on the remote host is affected by an XML External Entity attack which could lead to an information disclosure. An attacker would need to host a malicious file that is designed to exploit the vulnerability and then convince a user to download the malicious file a...

Microsoft Internet Explorer XXE Injection Information Disclosure

An XML External Entity Injection Vulnerability Exists in Internet Explorer browser. This vulnerability is due to a flaw when parsing a malicious MHT file containing a reference to an external entity. Successful exploitation of this vulnerability could allow remote attacker to potentially exfiltra...

Internet Explorer XXE vulnerability alerts-a vulnerability alert-the black bar safety net

GMT 4 on 11 May, the Foreign Security Fellow at the John Page public disclosure Internet Explorer 11 XXE vulnerability, successful exploitation of the vulnerability will lead to local file disclosure. Microsoft learned of the vulnerability, given a”temporary non-fix”results. In view of the...

The IE 11 browser is the explosion of security vulnerabilities: remotely steal local PC file-bug warning-the black bar safety net

Recently security experts in the IE 11 browser on the found new vulnerabilities in the process. MHT saved page can allow a hacker to steal the PC on the file. More importantly. MHT file format the default processing application is the IE 11 browser, so even the Chrome as the default web browser o...

Microsoft Internet Explorer 11 - XML External Entity Injection

Microsoft Internet Explorer 11 - XML External Entity Injection + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-INTERNET-EXPLORER-v11-XML-EXTERNAL-ENTITY-INJECTION-0DAY.txt + ISR: ApparitionSec Vendor...

Microsoft Internet Explorer 11 XML Injection Exploit

Exploit for windows platform in category remote exploits + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-INTERNET-EXPLORER-v11-XML-EXTERNAL-ENTITY-INJECTION-0DAY.txt + ISR: ApparitionSec Vendor www.microsoft.com...

Chrome < 62 UXSS(CVE-2017-5124)

No description provided by source. PoC.mht ------------------------- MIME-Version: 1.0 Content-Type: multipart/related; type="text/html"; boundary="----MultipartBoundary--" CVE-2017-5124 ------MultipartBoundary-- Content-Type: application/xml; ------MultipartBoundary-- Content-Type: text/html...

Google Chrome < 3.0.195.32 RCE

Binary data 5225.pasl...

Google Chrome < 3.0.195.32 Multiple Vulnerabilities

The version of Google Chrome installed on the remote host is earlier than 3.0.195.32. Such versions are reportedly affected by multiple issues : - The user is not warned about certain dangerous file types such as 'SVG', 'MHT', and 'XML'. In some browsers, JavaScript can execute within these types...

.MHT Buffer Overflow in Internet Explorer

CANON SYSTEM SOLUTIONS INC. Security Alert VULNERABILITY:.MHT Buffer Overflow in Internet Explorer DATE FOUND:March 2, 2003 Severity:High Riskcode can be executed remotely ========================================================================== ==== SUMMARY: IE5 introduced the new 'Web Archive'...